My application uses Active Directory Forms Authentication. The login process is painfully slow, usually around 63 seconds. This happens any time any user logs in. App performance is fine as soon as the user is logged in, but very slow while the initial login
request processes. I'm not having any other LDAP performance issues that would lead me to believe this is a network problem.
The login page and web.config are here. I would love any guidance that can be provided to speed up the login process.
<%@ Page Language="VB" AutoEventWireup="false" CodeFile="login.aspx.vb" Inherits="login1" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Helpdesk</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<center><asp:Login id="Login1" runat="server" TitleText="Helpdesk" DisplayRememberMe="False"></asp:Login>
<br />
<asp:panel runat="server" ID="pnlInstruction" Font-Names="Verdana"
Font-Size="Large" style="text-align: justify" Width="350px">To enter this
website, provide the username and password you use when logging on to your
computer.</asp:panel>
</center>
</div>
</form>
</body>
</html>
<?xml version="1.0"?>
<!--
-->
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<!--AJAX Setup-->
<configSections>
<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>
<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/></sectionGroup>
</sectionGroup>
</sectionGroup>
</configSections>
<connectionStrings>
<!-- Override default personalization storage and point to SQL DB-->
<remove name="LocalSqlServer"/>
<add name="LocalSqlServer" connectionString="Data Source=SQL1;Initial Catalog=HelpdeskMembership;Integrated Security=True" providerName="System.Data.SqlClient"/>
<!-- Primary application data storage location-->
<add name="ConnectionString" connectionString="Data Source=SQL1;Initial Catalog=Helpdesk;Integrated Security=True" providerName="System.Data.SqlClient"/>
<!--Connection to Active Directory for integrated authentication features-->
<add name="ADConnectionString" connectionString="LDAP://mydomain.local/OU=GSD,DC=mydomain,DC=local"/>
</connectionStrings>
<!--Set global values to use throughout the application-->
<!--Call these values using the syntax-->
<!--ConfigurationManager.AppSettings("keyName")-->
<appSettings>
<!--EMAILING_ENABLED-->
<!--Enables/Disables email delivery when-->
<!--tickets are created, updated, or closed.-->
<!--Set value="True" to enable, value="False" to disable -->
<add key="Emailing_Enabled" value="True"/>
<!--MYADSPATH-->
<!--The LDAP path to the root user container in Active Directory-->
<add key="myADSPath" value="LDAP://OU=GSD,DC=mydomain,DC=local"/>
<!--MYAPPUSERGROUP-->
<!--The AD Security Group that contains users that-->
<!--can be assigned Roles in the Helpdesk-->
<add key="myAppUserGroup" value="Helpdesk Users"/>
<!--TICKETSTATUS-->
<!--An index of Ticket status values that are stored in-->
<!--the database. They're also listed here for faster reference-->
<!--<add key="TicketStatus-Open" value="1"/>
<add key="TicketStatus-Closed" value="2"/>
<add key="TicketStatus-WaitingForCustomer" value="3"/>
<add key="TicketStatus-WatingForPart" value="4"/>-->
<!--TICKETURL-->
<!--The root URL to tickets in this application-->
<add key="TicketURL" value="https://MYSITEURL/ticketdetail.aspx?tid="/>
</appSettings>
<system.web>
<!--Enable roles-->
<!--If the roleManager attribute defaultProvider-->
<!--is set ="AspNetWindowsTokenRoleProvider" AD-->
<!--groups can be used for roles.-->
<roleManager enabled="true" cookieProtection="All" cookieRequireSSL="True"/>
<!--Use Active Directory Forms authentication-->
<!--Log off users after 60 minutes of inactivity-->
<authentication mode="Forms">
<forms name=".ADAuthCookie" timeout="60" protection="All">
</forms>
</authentication>
<!--Require all cookies to travel over a secure channel-->
<!--httpOnlyCookies="True" prevents cross-site scripting (script insertion in form fields)-->
<!--http://msdn2.microsoft.com/en-us/library/ms228262.aspx-->
<httpCookies requireSSL="true" httpOnlyCookies="true"/>
<!--Allow only authenticated users only, redirect all others to the login page.-->
<authorization>
<deny users="?"/>
</authorization>
<!--Use the AD membership provider to allow domain logins. Set attributeMapUsername="sAMAccountName" -->
<!--to allow users to log in with their SAMAccountName instead of their full UPN.-->
<!--Set enablesearchmethods="true" to pull AD users into the ASP.NET Configuration Website-->
<!--so they can be assigned to Roles.-->
<membership defaultProvider="MyADMembershipProvider">
<providers>
<add name="MyADMembershipProvider" enableSearchMethods="true" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName"/>
</providers>
</membership>
<profile>
<properties>
<!--Properties to store in each user's ASP.NET profile-->
<!--These values are populated when a user loads the Helpdesk home page-->
<!--See default.aspx for more info-->
<add name="FirstName" type="string"/>
<add name="LastName" type="string"/>
<add name="samAccountName" type="string"/>
<add name="DisplayName" type="string"/>
<add name="Email" type="string"/>
</properties>
</profile>
<!--Show users the SiteMap, but only the levels their Role is permitted-->
<!--by setting securityTrimmingEnabled="true". This settings results in -->
<!--the custom toolbar that users see in the top nav because-->
<!--the unordered list is bound to the SiteMap (see MasterPage.Master). -->
<siteMap defaultProvider="AspNetXmlSiteMapProvider" enabled="true">
<providers>
<remove name="AspNetXmlSiteMapProvider"/>
<add name="AspNetXmlSiteMapProvider" type="System.Web.XmlSiteMapProvider" securityTrimmingEnabled="true" siteMapFile="web.sitemap"/>
</providers>
</siteMap>
<!-- Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
-->
<compilation debug="true" strict="false" explicit="true">
<assemblies>
<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Management, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Web.Extensions.Design, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/></assemblies>
</compilation>
<!--AJAX Setup-->
<httpHandlers>
<remove verb="*" path="*.asmx"/>
<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/>
</httpHandlers>
<!--AJAX Setup-->
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
</httpModules>
<!--Apply the Helpdesk theme and its skin to all pages-->
<pages theme="GSD" enableEventValidation="false" viewStateEncryptionMode="Never">
<namespaces>
<clear/>
<add namespace="System"/>
<add namespace="System.Collections"/>
<add namespace="System.Collections.Specialized"/>
<add namespace="System.Configuration"/>
<add namespace="System.Data"/>
<add namespace="System.Text"/>
<add namespace="System.Text.RegularExpressions"/>
<add namespace="System.Web"/>
<add namespace="System.Web.Caching"/>
<add namespace="System.Web.SessionState"/>
<add namespace="System.Web.Security"/>
<add namespace="System.Web.Profile"/>
<add namespace="System.Web.UI"/>
<add namespace="System.Web.UI.WebControls"/>
<add namespace="System.Web.UI.WebControls.WebParts"/>
<add namespace="System.Web.UI.HtmlControls"/>
<add namespace="System.DirectoryServices"/>
</namespaces>
<controls>
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/></controls>
<tagMapping>
</tagMapping>
</pages>
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
-->
<customErrors mode="Off" />
</system.web>
<!---Enable simplified mail delivery using custom class MailHelper.VB-->
<system.net>
<mailSettings>
<smtp>
<network host="eml1.mydomain.local" port="25" userName="" password=""/>
</smtp>
</mailSettings>
</system.net>
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules>
<remove name="ScriptModule"/>
<add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
</modules>
<handlers>
<remove name="ScriptHandlerFactory"/>
<remove name="ScriptHandlerFactoryAppServices"/>
<remove name="ScriptResource"/><remove name="WebServiceHandlerFactory-Integrated"/>
<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
</handlers>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>
I've discovered that logins are immediate if I run the application in dev mode through VWD (e.g.
http://localhost:4477/website/default.aspx). No delay on login when accessing the application this way. However, if I log in to the site from the
same machine at its public URL, logins take over a minute.
gsdtech
Participant
1227 Points
190 Posts
Slow Logon with Active Directory Forms Authentication
Mar 10, 2009 10:56 PM|LINK
My application uses Active Directory Forms Authentication. The login process is painfully slow, usually around 63 seconds. This happens any time any user logs in. App performance is fine as soon as the user is logged in, but very slow while the initial login request processes. I'm not having any other LDAP performance issues that would lead me to believe this is a network problem.
The login page and web.config are here. I would love any guidance that can be provided to speed up the login process.
<%@ Page Language="VB" AutoEventWireup="false" CodeFile="login.aspx.vb" Inherits="login1" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" > <head runat="server"> <title>Helpdesk</title> </head> <body> <form id="form1" runat="server"> <div> <center><asp:Login id="Login1" runat="server" TitleText="Helpdesk" DisplayRememberMe="False"></asp:Login> <br /> <asp:panel runat="server" ID="pnlInstruction" Font-Names="Verdana" Font-Size="Large" style="text-align: justify" Width="350px">To enter this website, provide the username and password you use when logging on to your computer.</asp:panel> </center> </div> </form> </body> </html>gsdtech
Participant
1227 Points
190 Posts
Re: Slow Logon with Active Directory Forms Authentication
Mar 19, 2009 10:46 PM|LINK
Is there additional information I can provide to help solicit some feedback? Please let me know if any additional information would be helpful.
gsdtech
Participant
1227 Points
190 Posts
Re: Slow Logon with Active Directory Forms Authentication
Apr 15, 2009 03:49 AM|LINK
I've discovered that logins are immediate if I run the application in dev mode through VWD (e.g. http://localhost:4477/website/default.aspx). No delay on login when accessing the application this way. However, if I log in to the site from the same machine at its public URL, logins take over a minute.
Any insight would be greatly appreciated.
Thanks.
bob808
Member
20 Points
7 Posts
Re: Slow Logon with Active Directory Forms Authentication
Jul 06, 2009 08:59 PM|LINK
Try this: https://elgg.leeds.ac.uk/webteam/weblog/15385.html
gsdtech
Participant
1227 Points
190 Posts
Re: Slow Logon with Active Directory Forms Authentication
Jul 17, 2009 04:30 PM|LINK
Thanks a ton, bob808. So far so good. My logins are almost instantaneous now.
bob808
Member
20 Points
7 Posts
Re: Slow Logon with Active Directory Forms Authentication
Jul 20, 2009 02:14 PM|LINK
Excellent. In my situation, I actually used another solution that works very well.
I added port# 389 to my Active Directory ConnectionString, like so, LDAP://mydomain.local:389/
My login is extremely fast and works well from any location within the firewall.
Here is the link to the article I used: http://www.thorprojects.com/blog/archive/2007/06/24/system-directoryservices-protocols-a-k-a-ldap-is-your-friend.aspx
LDAP authentication Active Directory asp.net 2.0 LdapConnection